Docket No. VIV/0015.00 



PTO Cust. No. 28653 



Sheet 1/6 




Sheet 2/6

FIG. 2 (reference numerals on the sheet: 200, 201a, 201b, 201c, 201d, 201, 220, 230)

APPLICATION PROGRAM 1
APPLICATION PROGRAM 2
BROWSER PROGRAM
[...]
APPLICATION PROGRAM N

OPERATING SYSTEM
(e.g., WINDOWS 9X/NT/2000/XP, SOLARIS, UNIX, LINUX, MAC OS, OR LIKE)

GRAPHICAL USER INTERFACE

DEVICE DRIVERS
(e.g., WINSOCK)

BIOS
(MICROCODE)

DISPLAY MONITOR, NETWORK INTERFACE, COMM PORT, KEYBOARD, MODEM, MOUSE, DISKS, PRINTER



Sheet 3/6

FIG. 3 (reference numerals on the sheet: 300, 301, 360)

LOCAL ADMINISTRATION MODULE 310 (OPTIONAL)
INPUT (KEYBOARD) FILTER 320
DESKTOP AGENT 330
REMOTE ADMINISTRATION MODULE 370 (OPTIONAL)
KEYBOARD (OR OTHER PERIPHERAL DEVICE) 350



Sheet 4/6

BEGIN (400)

401: THE SYSTEM INITIALIZES ITSELF FOR ALL PERIPHERAL DEVICES THAT ARE CONNECTABLE TO THE CURRENT MACHINE (THAT THE DEFENSE SYSTEM IS INSTALLED ON) AND WHICH ARE DESIRED TO BE MONITORED.

402: PERFORM INITIAL AUTHENTICATION FOR EACH SUCH DEVICE, SO THAT EACH DEVICE NOW BECOMES TRUSTED BY THE SYSTEM. THE ADMINISTRATOR OR USER WOULD ENTER A PASSWORD THAT MAY BE USED TO RE-AUTHENTICATE DEVICES. INDIVIDUAL PASSWORDS MAY BE ENTERED, OR GROUPS OF DEVICES MAY BE DEFINED (E.G., STORAGE DEVICES, INPUT DEVICES, OR THE LIKE) AND GIVEN GROUP PASSWORDS.

403: THE SYSTEM HOOKS THE CORRESPONDING OPERATING SYSTEM SERVICE THAT WILL REPORT DEVICE DISCONNECTION/(RE)CONNECTION EVENTS. THIS HOOKING MAY BE DONE BY THE DESKTOP AGENT. NOW, THE SYSTEM IS READY TO ENTER INTO A STEADY STATE, WHERE IT LISTENS FOR EVENTS INDICATING PERIPHERAL DEVICE DISCONNECTION AND/OR RECONNECTION.
500

501: THE SYSTEM DETECTS A DISCONNECT EVENT FOR A PARTICULAR DEVICE.

IN RESPONSE TO THIS EVENT, THE SYSTEM LOGS THE OCCURRENCE TO A LOG FILE AND UPDATES A CORRESPONDING DEVICE STATE ENTRY IN A DEVICE STATE TABLE.

503: THE SYSTEM MAY LOG THE OCCURRENCE TO A LOG FILE FOR AUDITING PURPOSES; IN THE CURRENTLY PREFERRED EMBODIMENT, THIS STEP IS ENABLED BY DEFAULT.

504: THE SYSTEM MAY IMMEDIATELY REPORT THE DISCONNECT EVENT TO AN ADMINISTRATOR.

505: THE OPERATING SYSTEM REPORTS A RECONNECTION EVENT TO THE DEFENSE SYSTEM. AT THIS POINT, RECONNECTION WOULD TYPICALLY HAVE PHYSICALLY SUCCEEDED IN ORDER FOR THE OPERATING SYSTEM TO REPORT THE RECONNECTION EVENT. OPTIONAL LOGGING AND IMMEDIATE EVENT REPORTING STEPS MAY OCCUR (I.E., STEPS 503 AND 504 REPEATED TO LOG AND IMMEDIATELY REPORT THE RECONNECTION EVENT).

CONTINUE FROM FIG. 5A

506: THE SYSTEM UPDATES THE DEVICE STATE ENTRY TO AWAITING PERMISSION (AUTHORIZATION).

507: WHILE THE DEVICE IS AWAITING AUTHORIZATION, IT IS UNTRUSTED AND INCOMING DATA RECEIVED FROM IT WILL BE FILTERED/STAGED IN A QUARANTINED BUFFER. SIMILARLY, ANY REQUEST BY THE DEVICE FOR OUTGOING DATA IS BLOCKED.

THE SYSTEM COMMUNICATES WITH THE LOCAL ADMINISTRATION MODULE AND/OR REMOTE ADMINISTRATION MODULE, FOR PURPOSES OF AUTHORIZING OR REAUTHORIZING THE DEVICE.

AS A RESULT OF THESE COMMUNICATIONS, THE DEVICE MAY BE AUTHORIZED/ALLOWED OR DENIED, OR THE ADMINISTRATOR OR USER MAY INDICATE THAT THE DEVICE WILL REMAIN UNTRUSTED UNTIL PHYSICAL INSPECTION/PHYSICAL ACTION.

FIG. 5B
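The device state table, password re-authentication and quarantined buffer of steps 402 and 501 to 507 above, as an added Python model that is not part of the patent drawings. The device ids, the salted PBKDF2 password check, the choice that a wrong password leaves the device denied, and the release of staged input once the device is re-authorized are all assumptions of this example.

```python
import hashlib
import hmac
import os
from enum import Enum

State = Enum("State", "TRUSTED DISCONNECTED AWAITING_AUTHORIZATION DENIED")

def _derive(password, salt):
    # Assumed re-authentication check (salted PBKDF2); the drawings only say "password"
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class DeviceDefense:
    # Hypothetical model of the desktop agent's device state table (steps 402, 501-507)
    def __init__(self):
        self.state = {}       # device id -> State (the device state table)
        self.creds = {}       # device id -> (salt, hash) from initial authentication (402)
        self.quarantine = {}  # device id -> bytes staged while untrusted (507)
        self.log = []         # audit log entries (503)

    def authenticate(self, dev, password):  # step 402: device becomes trusted
        salt = os.urandom(16)
        self.creds[dev] = (salt, _derive(password, salt))
        self.state[dev] = State.TRUSTED
        self.quarantine[dev] = b""

    def on_disconnect(self, dev):  # steps 501-504: log and update the state entry
        self.state[dev] = State.DISCONNECTED
        self.log.append(f"DISCONNECT {dev}")

    def on_reconnect(self, dev):  # steps 505-506: untrusted until authorized
        self.state[dev] = State.AWAITING_AUTHORIZATION
        self.log.append(f"RECONNECT {dev} -> awaiting authorization")

    def on_input(self, dev, data):  # step 507: stage input from any non-trusted device
        if self.state.get(dev) is State.TRUSTED:
            return data
        self.quarantine[dev] = self.quarantine.get(dev, b"") + data
        return b""

    def outgoing_allowed(self, dev):  # step 507: outgoing requests blocked while untrusted
        return self.state.get(dev) is State.TRUSTED

    def reauthorize(self, dev, password):  # administration module decision
        salt, expected = self.creds[dev]
        if hmac.compare_digest(_derive(password, salt), expected):
            self.state[dev] = State.TRUSTED
            self.log.append(f"AUTHORIZED {dev}")
            released, self.quarantine[dev] = self.quarantine[dev], b""
            return True, released  # staged input released once trusted (assumption)
        self.state[dev] = State.DENIED
        self.log.append(f"DENIED {dev}")
        return False, b""
```

A device the table has never seen is treated like an untrusted one: its input is staged and its outgoing requests are blocked.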



